Skip to main content

How to add a certificate to cacerts

Step by step

This procedure is valid for the docker environment, but it is not for Kubernetes. 

How to add the Sync server certificate to the Java key store of Soffid console or Soffid PAM launcher.

1. Start by downloading the certificate from the Sync server:

a. Connect to https://<SYNC-SERVER>:1760/SAML/metadata.xml?tenant=<your-tenant>

To get the master's certificate:


To get a tenant's certificate:


b. Download the certificate:




2. Copy the certificate file to the container (Soffid Console or Soffid PAM Launcher):

Sample how to copy the file to the tmp folder:

sudo docker cp iam-sync.soffidnet iam-console:tmp

Sample how to copy the file to the root folder:

sudo docker cp iam-sync.soffidnet iam-console:/

3. Connect to the container

sudo docker exec -it iam-console /bin/bash

4. Import the certiticate: 

keytool -import -file /tmp/iam-sync.soffidnet -cacerts
  • password: changeit
  • Trust this certificate? [no]:  yes
  • Certificate was added to Keystore

5. Restart the container

If you want to display the current certificate:

openssl s_client -connect iam-sync.soffidnet:1760 -showcert